repo-add: add --include-sigs option

Pacman now downloads the signature files for all packages when present in a
repository.  That makes distributing signatures within repository databases
redundant and costly.

Do not distribute the package signature files within the repo databases by
default and add an --include-sigs to revert to the old behaviour.

Signed-off-by: Allan McRae <allan@archlinux.org>

doc/repo-add.8.asciidoc

@@ -70,6 +70,8 @@ repo-add Options
 	Remove old package files from the disk when updating their entry in the
 	database.
 
+*\--include-sigs*::
+	Include package PGP signatures in the repository database (if available)
 
 Example
 -------

scripts/repo-add.sh.in

@@ -42,6 +42,7 @@ LOCKFILE=
 CLEAN_LOCK=0
 USE_COLOR='y'
 PREVENT_DOWNGRADE=0
+INCLUDE_SIGS=0
 
 # Import libmakepkg
 source "$LIBRARY"/util/compress.sh
@@ -260,7 +261,7 @@ db_write_entry() {
 	fi
 
 	# compute base64'd PGP signature
-	if [[ -f "$pkgfile.sig" ]]; then
+	if (( INCLUDE_SIGS )) && [[ -f "$pkgfile.sig" ]]; then
 		if grep -q 'BEGIN PGP SIGNATURE' "$pkgfile.sig"; then
 			error "$(gettext "Cannot use armored signatures for packages: %s")" "$pkgfile.sig"
 			return 1
@@ -622,6 +623,9 @@ while (( $# )); do
 		-p|--prevent-downgrade)
 			PREVENT_DOWNGRADE=1
 			;;
+		--include-sigs)
+			INCLUDE_SIGS=1
+			;;
 		*)
 			args+=("$1")
 			;;